{"id":7266,"date":"2023-08-31T00:12:07","date_gmt":"2023-08-31T00:12:07","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=7266"},"modified":"2023-08-31T00:12:09","modified_gmt":"2023-08-31T00:12:09","slug":"azure-advanced-threat-protection-sensor-not-starting","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/azure-advanced-threat-protection-sensor-not-starting","title":{"rendered":"Azure Advanced Threat Protection Sensor not starting"},"content":{"rendered":"\n<p>C:\\Program Files\\Azure Advanced Threat Protection Sensor\\2.213.17065.12431\\Logs\\Microsoft.Tri.Sensor-Errors.log<\/p>\n\n\n\n<p>C:\\Program Files\\Azure Advanced Threat Protection Sensor\\2.213.17065.12431\\Logs\\Microsoft.Tri.Sensor.log<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>I had to add the GroupManagedServiceAccount to LogOnAsService on the Domain Controller<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/08\/image-7.png\"><img loading=\"lazy\" decoding=\"async\" width=\"431\" height=\"514\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/08\/image-7.png\" alt=\"\" class=\"wp-image-7267 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/08\/image-7.png 431w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/08\/image-7-252x300.png 252w\" sizes=\"auto, (max-width: 431px) 100vw, 431px\" \/><\/a><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>2023-08-30 23:32:58.0542 Info RemoteImpersonationManager CreateImpersonatorInternalAsync started [UserName=ATPSensor Domain= IsGroupManagedServiceAccount=True]<br>2023-08-30 23:32:58.1172 Info RemoteImpersonationManager GetGroupManagedServiceAccountTokenAsync finished [UserName=ATPSensor Domain=.local IsSuccess=False]<br>2023-08-30 23:32:58.1172 Info RemoteImpersonationManager CreateImpersonatorInternalAsync finished [UserName=ATPSensor Domain=.local]<br>2023-08-30 23:32:58.1235 Warn 
DirectoryServicesClient CreateLdapConnectionAsync failed to retrieve group managed service account password. [DomainControllerDnsName=-DC-01..local Domain=.local UserName=ATPSensor ]<br>2023-08-30 23:32:58.3092 Error DirectoryServicesClient+d__47 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=-DC-01..local]<br>at async Task Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)<br>at async Task Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)<br>2023-08-30 23:32:58.3442 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers [ _domainControllerConnectionDatas=-DC-01..local]<br>at new Microsoft.Tri.Sensor.DirectoryServicesClient(IConfigurationManager configurationManager, IDirectoryServicesDomainNetworkCredentialsManager domainNetworkCredentialsManager, IDomainTrustMappingManager domainTrustMappingManager, IRemoteImpersonationManager remoteImpersonationManager, IMetricManager metricManager, IWorkspaceApplicationSensorApiJsonProxy workspaceApplicationSensorApiJsonProxy)<br>at object lambda_method(Closure, object[])<\/p>\n","protected":false},"excerpt":{"rendered":"<p>C:\\Program Files\\Azure Advanced Threat Protection Sensor\\2.213.17065.12431\\Logs\\Microsoft.Tri.Sensor-Errors.log C:\\Program Files\\Azure Advanced Threat Protection Sensor\\2.213.17065.12431\\Logs\\Microsoft.Tri.Sensor.log I had to add the GroupManagedServiceAccount to LogOnAsService on the Domain Controller 2023-08-30 23:32:58.0542 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7266","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=7266"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7266\/revisions"}],"predecessor-version":[{"id":7268,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7266\/revisions\/7268"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=7266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=7266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=7266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}